Google Cloud Integration


Last updated 9 months ago

To integrate GCP, you must first integrate Google Workspace.

Step 1 - Enable Required Google Cloud API

  1. Log in to the Google Cloud console with organization administrator credentials.

  2. Start Cloud Shell by clicking the CLI icon on the right side of the bar.

  3. In the shell interface, enter the following script to enable the required API access in all of the projects that Rezonate should protect.

      # Enable the four required APIs in every project returned by `gcloud projects list`.
      for project in $(gcloud projects list --format="value(projectId)")
      do
        echo "ProjectId: $project"
        gcloud services enable cloudresourcemanager.googleapis.com --project="$project"
        gcloud services enable recommender.googleapis.com --project="$project"
        gcloud services enable cloudasset.googleapis.com --project="$project"
        gcloud services enable policyanalyzer.googleapis.com --project="$project"
      done

Enabling these APIs allows us to enumerate resources, privileges, and other capabilities.

List of APIs and their usage

| API Endpoint | Why Rezonate Requests This Endpoint |
|---|---|
| cloudresourcemanager.googleapis.com | This API allows reading of the organizational structure and objects in it. |
| recommender.googleapis.com | This API allows the reading of Google insights regarding your organization. |
| cloudasset.googleapis.com | This API allows the reading of resources within your projects. |
| policyanalyzer.googleapis.com | This API allows the reading of policies throughout the whole organizational structure. |

Step 2 - Grant Rezonate Access to Your Google Cloud Organization

  1. Head over to the IAM page. Use the organization/project drop-down list to choose your Organization.

  2. Click Grant Access.

  3. In the New Principals box, enter the email address provided by Rezonate - rezonate@rezonapp.iam.gserviceaccount.com, to establish trust between the organizations.

  4. In the Role boxes, grant the new service account the following read-only roles, at the organization level:

    1. Browser

    2. Security Reviewer

    3. Viewer

  5. Click Save.

  6. Execute the following commands to retrieve your organization ID and the list of all project IDs, then filter for the ones you want Rezonate to access:

      gcloud projects list --format="value(projectId)"
      gcloud organizations list --format="value(ID)"

On the same page, you should now be able to see that Rezonate's service account was assigned the roles you added.

Save and send your organization ID and the project IDs you wish Rezonate to protect.
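
To confirm that the grant from Step 2 matches the three read-only roles and nothing more, the following added example (not Rezonate's code) audits the JSON printed by `gcloud organizations get-iam-policy <ORG_ID> --format=json`. The role IDs are the standard identifiers for Browser, Security Reviewer and Viewer; the function name and the sample policy are constructed for illustration.

```python
import json

# Role IDs of the three roles named in Step 2 (Browser, Security Reviewer, Viewer).
EXPECTED_ROLES = {"roles/browser", "roles/iam.securityReviewer", "roles/viewer"}
# Principal from Step 2, in the form IAM policies use for service accounts.
VENDOR_MEMBER = "serviceAccount:rezonate@rezonapp.iam.gserviceaccount.com"

def audit_vendor_bindings(policy, member=VENDOR_MEMBER, expected=EXPECTED_ROLES):
    """Compare the roles an IAM policy binds to `member` against `expected`."""
    granted, conditional = set(), set()
    for binding in policy.get("bindings", []):
        members = {m.lower() for m in binding.get("members", [])}
        if member.lower() not in members:
            continue
        granted.add(binding["role"])
        if binding.get("condition"):  # role applies only while the condition holds
            conditional.add(binding["role"])
    return {
        "missing": sorted(expected - granted),     # roles from the guide not yet granted
        "unexpected": sorted(granted - expected),  # access beyond what the guide asks for
        "conditional": sorted(conditional),        # granted, but not unconditionally
        "ok": granted == set(expected) and not conditional,
    }

# Constructed sample, shaped like the output of
# `gcloud organizations get-iam-policy <ORG_ID> --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/browser",
     "members": ["serviceAccount:rezonate@rezonapp.iam.gserviceaccount.com",
                 "user:admin@example.com"]},
    {"role": "roles/iam.securityReviewer",
     "members": ["serviceAccount:rezonate@rezonapp.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:rezonate@rezonapp.iam.gserviceaccount.com"]},
    {"role": "roles/viewer", "members": ["user:admin@example.com"]}
  ],
  "etag": "BwConstructed=",
  "version": 1
}
""")

if __name__ == "__main__":
    print(json.dumps(audit_vendor_bindings(SAMPLE_POLICY), indent=2))
```

Running the same check on a schedule surfaces drift, such as a write-capable role later bound to the same principal.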
